WE DETECT THE CYBER THREATS THAT OTHER TECHNOLOGIES MISS
Why Technology is Not the Answer: The Case for Managed Detection & Response (MDR)
Date: October 2016
Presenter: Sean Blenkhorn, Sr. Director, Solutions Engineering & Advisory Services, eSentire Inc.
Who am I?
» 20 years in Information Technology & Security
» Background as a software developer
» Focused in Security the last 10+ years
» Consultant to Fortune 50, 100, and 500 firms around global deployments and management in key technologies
» Data Loss Prevention, SIEM, Encryption, Network Access Control and more…
» Speaker at various conferences on security and compliance
© 2016 eSentire, Inc.
CAMBRIDGE | NEW YORK | BOSTON | LONDON | CORK
Proven Cybersecurity for Mid-sized Enterprise
» 300 employees
» Founded 2001
» 600+ customers
» 90% YoY growth
» 98% retention
» $3.0T assets protected
MANAGED DETECTION & RESPONSE
CYBERCRIME IS BIG BUSINESS
» $100 BILLION SPENT
» $1.2 TRILLION STOLEN
MEANS ⌾ MOTIVE ⌾ OPPORTUNITY
» ACCESS: EASY ACCESS TO CYBER WEAPONRY
» EASY: MINIMAL CYBER SKILLS REQUIRED
» LUCRATIVE: MOTIVATION IS HIGH
» IMPUNITY: NO NEGATIVE REPERCUSSIONS
SOPHISTICATED CYBER ATTACKS
» SOCIAL ENGINEERING
» BUSINESS EMAIL COMPROMISE
» TARGETED ATTACKS
» RANSOMWARE
» PHISHING CAMPAIGNS
» SYSTEMIC VULNERABILITIES EXPLOITATIONS
» WATERING HOLES
Why Won't Technology Work?
GOOD | BAD
Detection and Prevention Technology
• Real-time detection and prevention of known attacks
• Signal suspicious network behavior to detect unknown attacks
24X7 Human Monitoring and Hunting
• Real-time forensics via 24X7 Global SOC
• Add insights to raw signals
• Quickly determine if weird-normal or weird-bad
Intervention & Response
• Contain threat
• Escalate to customer
• Remediate
Keys to Succeed
» TECHNOLOGY + PEOPLE + PROCESS
» The right technology generating the right signals
» People = Gray Matter Analytics
» Provide access to the right raw data for decision-making (forensics)
» Integration – ensure tools work together as seamlessly as possible
» Defined, repeatable process ensuring we can go from signal generation, to signal enhancement, to response in a very short amount of time -> Velocity
» Back to basics
» Network segregation, access controls, etc. (SANS Top 20)
RANSOMWARE: FINANCIAL FIRM
» 7:43 AM: AMP BLOCKS 1st 87.exe, DOWNLOADED FROM 10th IP
» 7:44 AM: TESLACRYPT BEACONS TO CNC SERVER
» 7:54 AM: SOC ALERTS ON INFECTION AND BLOCKS TRAFFIC
» 8:30 AM: INFECTED HOST ISOLATED/MITIGATED
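The deck's point is that prevention tooling emits raw signals (a blocked download) and that people add the context needed to decide "weird-normal" or "weird-bad" and drive response. The example below is added here and is not eSentire's code; it runs that signal-enhancement step over constructed log lines modelled on the timeline above (the "10th IP" compressed to a few retries), grouping per host and triaging. Host names, IPs, the log format and the "watch" tier are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed log lines modelled on the 7:43-7:54 timeline (not real telemetry):
# one workstation sees the download blocked from several sources, then allowed from
# another, then a beacon; a second workstation only ever sees a single block.
SAMPLE_LOG = """\
07:43:01 host=WS-FIN-07 action=blocked file=87.exe src=198.51.100.10
07:43:09 host=WS-FIN-07 action=blocked file=87.exe src=198.51.100.11
07:43:17 host=WS-FIN-07 action=blocked file=87.exe src=198.51.100.12
07:43:40 host=WS-FIN-07 action=allowed file=87.exe src=198.51.100.19
07:44:05 host=WS-FIN-07 action=beacon dst=203.0.113.5
07:41:30 host=WS-HR-02 action=blocked file=87.exe src=198.51.100.10
"""

def parse_event(line):
    """Turn one 'HH:MM:SS key=value ...' line into a dict with a datetime under 'ts'."""
    ts, *fields = line.split()
    event = dict(f.split("=", 1) for f in fields)
    event["ts"] = datetime.strptime(ts, "%H:%M:%S")
    return event

def enrich(log_text):
    """Signal enhancement: fold raw per-event signals into per-host context."""
    hosts = defaultdict(lambda: {"blocked_srcs": set(), "allowed": False,
                                 "beacon": False, "first": None, "last": None})
    for line in log_text.splitlines():
        e = parse_event(line)
        h = hosts[e["host"]]
        h["first"] = e["ts"] if h["first"] is None else min(h["first"], e["ts"])
        h["last"] = e["ts"] if h["last"] is None else max(h["last"], e["ts"])
        if e["action"] == "blocked":
            h["blocked_srcs"].add(e["src"])   # distinct sources the retries came from
        elif e["action"] == "allowed":
            h["allowed"] = True               # prevention was bypassed
        elif e["action"] == "beacon":
            h["beacon"] = True                # post-infection C2 traffic seen
    return hosts

def triage(h):
    """Answer the analyst's question: weird-normal or weird-bad? ('watch' is an assumed tier.)"""
    if h["beacon"] or h["allowed"]:
        return "weird-bad"        # escalate to customer, contain, remediate
    if len(h["blocked_srcs"]) > 1:
        return "watch"            # retries from several sources, nothing through yet
    return "weird-normal"         # prevention held; no human action needed

def window_seconds(h):
    """Seconds from the host's first signal to its last: how fast the sequence unfolded."""
    return (h["last"] - h["first"]).total_seconds()
```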
+1 866.579.2200 | [email protected] | www.esentire.com | Follow us @esentire | © 2016 eSentire, Inc.
THANK YOU
QUESTIONS | NEXT STEPS